Lucene search
ElasticCVELIST:CVE-2022-23708HistoryMar 03, 2022 - 9:48 p.m.
CVE-2022-23708
2022-03-0321:48:14
CWE-264
elastic
www.cve.org
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
CNA Affected
[
{
"product": "elasticsearch",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "Versions 7.16.0 through 7.17.0"
}
]
}
]Related
redhatcve
redhatcve
CVE-2022-23708
2022-03-21 16:34:16
prion
prion
Code injection
2022-03-03 22:15:00
osv
osv
CVE-2022-23708
2022-03-03 22:15:08
Elasticsearch privilege escalation
2022-03-04 00:00:15
BIT-elasticsearch-2022-23708
2024-03-06 10:52:31
veracode
veracode
Privilege Escalation
2022-03-09 03:47:40
ubuntucve
ubuntucve
CVE-2022-23708
2022-03-03 00:00:00
cnvd
cnvd
Elasticsearch permission permission and access control issues vulnerability
2022-03-04 00:00:00
openvas
openvas
Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2022-02)
2022-03-04 00:00:00
github
github
Elasticsearch privilege escalation
2022-03-04 00:00:15
cve
cve
CVE-2022-23708
2022-03-03 22:15:08
nvd
nvd
CVE-2022-23708
2022-03-03 22:15:08
nessus
nessus
Kibana 7.15.0 < 7.17.1 Multiple Vulnerabilities
2023-01-11 00:00:00